isolation

package
v1.3.1 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Aug 22, 2024 License: Apache-2.0 Imports: 28 Imported by: 2

Documentation

Index

Constants

const (
	// QEMUIMGPath is the absolute path of the qemu-img binary.
	// NOTE(review): presumably fixed so the binary is never resolved through
	// $PATH; which mount namespace or root this path is resolved in is not
	// visible here — confirm at the call site.
	QEMUIMGPath = "/usr/bin/qemu-img"
)

Variables

This section is empty.

Functions

func AdjustQemuProcessMemoryLimits added in v0.42.0

func AdjustQemuProcessMemoryLimits(podIsoDetector PodIsolationDetector, vmi *v1.VirtualMachineInstance, additionalOverheadRatio *string) error

AdjustQemuProcessMemoryLimits adjusts the MEMLOCK rlimits of the QEMU process that runs inside the virt-launcher pod for the given VMI, according to the VMI's spec. Only VMIs with VFIO devices (e.g. SRIOV, GPU), SEV or RealTime workloads require QEMU process MEMLOCK adjustment.

func GetImageInfo added in v0.20.0

func GetImageInfo(imagePath string, context IsolationResult, config *v1.DiskVerification) (*containerdisk.DiskInfo, error)

func GetNspid added in v0.58.2

func GetNspid(vmpid int) (int, error)

Returns the pid of "vmpid" as seen from the first pid namespace the task belongs to.

func IsBlockDevice added in v0.49.1

func IsBlockDevice(path *safepath.Path) (bool, error)

IsBlockDevice checks if the given path is a block device or not.

func IsMounted added in v0.49.1

func IsMounted(mountPoint *safepath.Path) (isMounted bool, err error)

IsMounted checks if the given path is a mount point or not.

func MountInfoRoot added in v0.42.0

func MountInfoRoot(r IsolationResult) (mountinfo *mount.Info, err error)

MountInfoRoot returns the mount information for the root mount point

func ParentPathForMount added in v0.58.0

func ParentPathForMount(parent IsolationResult, child IsolationResult, source, target string) (*safepath.Path, error)

func ParentPathForRootMount added in v0.42.0

func ParentPathForRootMount(parent IsolationResult, child IsolationResult) (*safepath.Path, error)

ParentPathForRootMount takes a container (child) and composes a path to the root mount point in the context of the parent.

func SafeJoin added in v0.49.1

func SafeJoin(res IsolationResult, elems ...string) (*safepath.Path, error)

Types

type IsolationResult

// IsolationResult describes the process, namespaces and mounts found for a
// detected process.
//
// NOTE(review): Pid, PPid and KvmPitPid return plain integers. A PID only
// identifies a process while that process is alive, so callers that keep a
// result and act on it later should account for PID reuse — confirm how long
// results are held.
type IsolationResult interface {
	// Pid returns the process ID.
	Pid() int
	// PPid returns the parent process ID.
	PPid() int
	// PIDNamespace returns the full path to the process namespace.
	PIDNamespace() string
	// MountRoot returns the full path to the process root mount.
	// NOTE(review): the result is a *safepath.Path rather than a plain string,
	// presumably so that later path handling stays confined to this root —
	// confirm against the safepath package.
	MountRoot() (*safepath.Path, error)
	// MountNamespace returns the full path to the mount namespace.
	MountNamespace() string
	// Mounts returns the mounts for the process; it takes a mount.FilterFunc.
	Mounts(mount.FilterFunc) ([]*mount.Info, error)
	// GetQEMUProcess returns the QEMU process.
	GetQEMUProcess() (ps.Process, error)
	// KvmPitPid returns the KVM PIT pid.
	KvmPitPid() (int, error)
}

IsolationResult is the result of a successful PodIsolationDetector.Detect

func NewIsolationResult

func NewIsolationResult(pid, ppid int) IsolationResult

type MockIsolationResult added in v0.27.0

// MockIsolationResult is a mock of the IsolationResult interface.
// NewMockIsolationResult builds one from a *gomock.Controller.
type MockIsolationResult struct {
	// contains filtered or unexported fields
}

Mock of IsolationResult interface

func NewMockIsolationResult added in v0.27.0

func NewMockIsolationResult(ctrl *gomock.Controller) *MockIsolationResult

func (*MockIsolationResult) EXPECT added in v0.27.0

func (_m *MockIsolationResult) EXPECT() *_MockIsolationResultRecorder

func (*MockIsolationResult) GetQEMUProcess added in v0.58.1

func (_m *MockIsolationResult) GetQEMUProcess() (go_ps.Process, error)

func (*MockIsolationResult) KvmPitPid added in v0.58.2

func (_m *MockIsolationResult) KvmPitPid() (int, error)

func (*MockIsolationResult) MountNamespace added in v0.27.0

func (_m *MockIsolationResult) MountNamespace() string

func (*MockIsolationResult) MountRoot added in v0.27.0

func (_m *MockIsolationResult) MountRoot() (*safepath.Path, error)

func (*MockIsolationResult) Mounts added in v0.42.0

func (_m *MockIsolationResult) Mounts(_param0 mountinfo.FilterFunc) ([]*mountinfo.Info, error)

func (*MockIsolationResult) PIDNamespace added in v0.27.0

func (_m *MockIsolationResult) PIDNamespace() string

func (*MockIsolationResult) PPid added in v0.42.0

func (_m *MockIsolationResult) PPid() int

func (*MockIsolationResult) Pid added in v0.27.0

func (_m *MockIsolationResult) Pid() int

type MockPodIsolationDetector

// MockPodIsolationDetector is a mock of the PodIsolationDetector interface.
// NewMockPodIsolationDetector builds one from a *gomock.Controller.
type MockPodIsolationDetector struct {
	// contains filtered or unexported fields
}

Mock of PodIsolationDetector interface

func NewMockPodIsolationDetector

func NewMockPodIsolationDetector(ctrl *gomock.Controller) *MockPodIsolationDetector

func (*MockPodIsolationDetector) AdjustResources added in v0.21.0

func (_m *MockPodIsolationDetector) AdjustResources(vm *v1.VirtualMachineInstance, additionalOverheadRatio *string) error

func (*MockPodIsolationDetector) Detect

func (*MockPodIsolationDetector) DetectForSocket added in v0.20.0

func (_m *MockPodIsolationDetector) DetectForSocket(vm *v1.VirtualMachineInstance, socket string) (IsolationResult, error)

func (*MockPodIsolationDetector) EXPECT

func (_m *MockPodIsolationDetector) EXPECT() *_MockPodIsolationDetectorRecorder

type PodIsolationDetector

// PodIsolationDetector detects pid, cgroups and namespaces of a VM's pod from
// outside the pod.
//
// NOTE(review): detection is described as keyed on the owner of a socket, so
// the result is presumably only as trustworthy as the access controls on the
// location where that socket is looked up — confirm the permissions on the
// socket directory.
type PodIsolationDetector interface {
	// Detect takes a vm, looks up a socket based on the VM and detects pid, cgroups and namespaces of the owner of that socket.
	// It returns an IsolationResult containing all isolation information.
	Detect(vm *v1.VirtualMachineInstance) (IsolationResult, error)

	// DetectForSocket takes a vm and a socket and returns an IsolationResult.
	// NOTE(review): presumably the same detection as Detect, but for the owner
	// of the given socket instead of one looked up from the VM — confirm
	// against the implementation.
	DetectForSocket(vm *v1.VirtualMachineInstance, socket string) (IsolationResult, error)

	// AdjustResources adjusts system resources to run the passed VM.
	AdjustResources(vm *v1.VirtualMachineInstance, additionalOverheadRatio *string) error
}

PodIsolationDetector helps detect the cgroups, namespaces and PIDs of Pods from outside of them. Different strategies may be applied to do that.

func NewSocketBasedIsolationDetector

func NewSocketBasedIsolationDetector(socketDir string) PodIsolationDetector

NewSocketBasedIsolationDetector takes socketDir and creates a socket-based IsolationDetector. It returns a PodIsolationDetector which detects pid, cgroups and namespaces of the socket owner.

type RealIsolationResult added in v0.42.0

// RealIsolationResult is returned by NodeIsolationResult.
// NOTE(review): presumably the concrete IsolationResult implementation; its
// listed methods cover every method of that interface plus MountRootRelative
// — confirm against the source.
type RealIsolationResult struct {
	// contains filtered or unexported fields
}

func NodeIsolationResult

func NodeIsolationResult() *RealIsolationResult

func (*RealIsolationResult) GetQEMUProcess added in v0.58.1

func (r *RealIsolationResult) GetQEMUProcess() (ps.Process, error)

GetQEMUProcess encapsulates and exposes the logic to retrieve the QEMU process ID

func (*RealIsolationResult) KvmPitPid added in v0.58.2

func (r *RealIsolationResult) KvmPitPid() (int, error)

func (*RealIsolationResult) MountNamespace added in v0.42.0

func (r *RealIsolationResult) MountNamespace() string

func (*RealIsolationResult) MountRoot added in v0.42.0

func (r *RealIsolationResult) MountRoot() (*safepath.Path, error)

func (*RealIsolationResult) MountRootRelative added in v0.49.1

func (r *RealIsolationResult) MountRootRelative(relativePath string) (*safepath.Path, error)

func (*RealIsolationResult) Mounts added in v0.42.0

func (r *RealIsolationResult) Mounts(filter mount.FilterFunc) ([]*mount.Info, error)

Mounts returns mounts for the given process based on the supplied filter

func (*RealIsolationResult) PIDNamespace added in v0.42.0

func (r *RealIsolationResult) PIDNamespace() string

func (*RealIsolationResult) PPid added in v0.42.0

func (r *RealIsolationResult) PPid() int

func (*RealIsolationResult) Pid added in v0.42.0

func (r *RealIsolationResult) Pid() int
